HSTS = HTTP Strict Transport Security
From the Django Docs on HSTS
For sites that should only be accessed over HTTPS, you can instruct modern browsers to refuse to connect to your domain name via an insecure connection (for a given period of time) by setting the “Strict-Transport-Security” header. This reduces your exposure to some SSL-stripping man-in-the-middle (MITM) attacks.
SecurityMiddleware will set this header for you on all HTTPS responses if you set the SECURE_HSTS_SECONDS setting to a non-zero integer value.
However, this header can also be set by Nginx in the conf file by adding the line:
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";
So the question is, should we configure Nginx to set this header or Django SecurityMiddleware, by adding the HSTS settings in the project settings file?
It's entirely up to you. If you run multiple sites it might be easier to set a global value in your webserver settings. However, if you set it in Django it will be easier to move your application to a new webserver.
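Whichever layer is chosen, it is worth confirming that only one of them sets the header: if both Nginx and Django do, the response can carry it twice, and RFC 6797 (section 8.1) has the browser process only the first one. The check below is an added example, not part of the question or the answer; the function name and the sample header values in the usage are constructed.

```python
# Added example: work out which HSTS policy a browser would apply to a response.
# effective_hsts() is a hypothetical helper; it is not part of Django or Nginx.
import re


def effective_hsts(header_values):
    """header_values: every Strict-Transport-Security value on one HTTPS
    response, in the order received. Returns the policy that would apply."""
    result = {"max_age": None, "include_subdomains": False, "warnings": []}
    if not header_values:
        result["warnings"].append("no Strict-Transport-Security header")
        return result
    if len(header_values) > 1:
        # RFC 6797 section 8.1: only the first header field is processed.
        result["warnings"].append(
            "header sent %d times; only the first is used" % len(header_values))
    seen = set()
    for directive in header_values[0].split(";"):
        directive = directive.strip()
        if not directive:
            continue  # tolerate a trailing ';' as in the Nginx line above
        name, _, value = directive.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            # Directives must appear only once; a non-conforming header is ignored.
            result["max_age"] = None
            result["warnings"].append("duplicate directive: " + name)
            return result
        seen.add(name)
        value = value.strip().strip('"')  # max-age may be a quoted string
        if name == "max-age":
            if not re.fullmatch(r"[0-9]+", value):
                result["warnings"].append("max-age is not a number")
                return result
            result["max_age"] = int(value)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
    if result["max_age"] is None:
        result["warnings"].append("max-age missing; header is ignored")
    elif result["max_age"] == 0:
        result["warnings"].append("max-age=0 removes the HSTS policy")
    return result


if __name__ == "__main__":
    # Constructed sample: one value per layer, as if both were enabled.
    print(effective_hsts(["max-age=3600",
                          "max-age=63072000; includeSubdomains;"]))
```

Feed it the header values collected from a real response (for example from `curl -sI` output) to confirm that the policy in effect is the one you configured.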